oss-security - Re: CVE request: vorbis-tools: buffer overflow in aiff

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: <20150830125854.D2A876C0065@smtpvmsrv1.mitre.org>
Date: Sun, 30 Aug 2015 08:58:54 -0400 (EDT)
From: cve-assign@...re.org
To: pcheng@....com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: vorbis-tools: buffer overflow in aiff_open()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Affected Version: <= Revision 19495
> I was testing with vorbis-tools-1.4.0
> https://wiki.xiph.org/Vorbis-tools

> An issue was found in oggenc/audio.c when it tries to open invalid AIFF file.
> 
> 274    if(fread(buffer,1,len,in) < len)
> The input buffer and length can be controlled by user indirectly via:
> 
> 260    if(!find_aiff_chunk(in, "COMM", &len))

> oggenc aiff_open buffer overflow
> https://trac.xiph.org/ticket/2212

Use CVE-2015-6749.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV4v0DAAoJEL54rhJi8gl5ITkQALDXlsXi993gR0THhgevCT7K
SS9FX+eZBGyO3u/6X+XztB+kyQOKpRAKxW1t9zKsOuB96RU6zdD4F1mSUd0Ex8GC
10BjDCHuRnmzTOaKLrVWcMKGneXBnQkGklDzKk0nd3VRUyQ0Nso9WPqrblq9qocu
RLZUWlgE8W6ObwrFAFxu9aNMEWJZqoi0hIsQg7mdYbQNnE30PHw9raifIPIMze2V
Kd61d6F2RxSr61DJ5A21EDHTyEKUdhQE8VRWMx+UegzFzVjIc1yK8eHRz2SgJkag
YtP2Cx9STH/sd/6ygswu36iGop1Y6ECRM0N7GzNkpqMaHa1Og202e30NR+P8dcgg
u5DoXNS1+Q7bn3xc9C1807O5+QkUsnCtXbT37XTAkTI9EzRoNpEaOzyptKXc5dGp
Id9hOuJHRfYZGliPlCrAzmoS3Tyb77JWePpDoVoB96zRUMVhPZZ+1Vble54aFM33
cvALFULGBJC9B+a8zZwaH/ppls8nsmbntStvx1CfF3SgYlG8QqlcZEYKvGXOUXaP
nTkHD/J8Bf4QRdMjQbSQDCFpjWoLXkwd8MkJHWxE65NKBqm4Wq5yQSlHSPF7QnYH
Mvhj1DhISRceHZ29gfIykAP1Q2o3ScctN3XN+NPk0x+iMomDQNoUQ72TDasLX5sG
UvkC0Up58HST8GoUqQw7
=ZACh
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.